class UsersController < ApplicationController
  
  def login
    unless request.get?
      @user = User.find_by_username_and_password(params[:user][:username], params[:user][:password]) 
      
      if @user.nil?
        # user doesn't exist 
        @session_user.username = params[:user][:username]
        @session_user.password = params[:user][:password]
        @session_user.save!
      else
        # need to update session_user row to new user id
        stmt = "UPDATE sessions_users SET user_id = #{@user.id} WHERE user_id = #{@session_user.id}"
        ActiveRecord::Base.connection.insert(stmt)
        @session_user.destroy
        @session_user = @user       
      end
    end
    
    respond_to do |format|
      format.html { redirect_to :controller => 'artifacts'}
      format.xhtml { render :template => 'users/login.rxhtml', :layout=>false }
      format.xml  { render :xml => @user.to_xml }
    end
  end
  
  def logout
    #@session_user.
  end
  # GET /users
  # GET /users.xml
  def index
    @users = User.find(:all)
    
    respond_to do |format|
      format.html # index.rhtml
      format.xml  { render :xml => @users.to_xml }
    end
  end
  
  # GET /users/1
  # GET /users/1.xml
  def show
    @user = User.find(params[:id])
    
    respond_to do |format|
      format.html # show.rhtml
      format.xml  { render :xml => @user.to_xml }
    end
  end
  
  # GET /users/new
  def new
    @user = User.new
  end
  
  # GET /users/1;edit
  def edit
    @user = User.find(params[:id])
  end
  
  # POST /users
  # POST /users.xml
  def create
    @user = User.new(params[:user])
    
    respond_to do |format|
      if @user.save
        flash[:notice] = 'User was successfully created.'
        format.html { redirect_to user_url(@user) }
        format.xml  { head :created, :location => user_url(@user) }
      else
        format.html { render :action => "new" }
        format.xml  { render :xml => @user.errors.to_xml }
      end
    end
  end
  
  # PUT /users/1
  # PUT /users/1.xml
  def update
    @user = User.find(params[:id])
    
    respond_to do |format|
      if @user.update_attributes(params[:user])
        flash[:notice] = 'User was successfully updated.'
        format.html { redirect_to user_url(@user) }
        format.xml  { head :ok }
      else
        format.html { render :action => "edit" }
        format.xml  { render :xml => @user.errors.to_xml }
      end
    end
  end
  
  # DELETE /users/1
  # DELETE /users/1.xml
  def destroy
    @user = User.find(params[:id])
    @user.destroy
    
    respond_to do |format|
      format.html { redirect_to users_url }
      format.xml  { head :ok }
    end
  end
end
